People are Dying for Updates

Windows 10 is doing something that users don’t expect: auto-restart and patching. I’ve seen it more with the recent Windows 10 update and it’s interesting to watch. I see a cultural change where people are starting to say they don’t mind, it works and it’s probably good. While one can configure it how they like, this default setting is very helpful in moving consumers forward.

But what about inter-dependencies and unexpected results when one patches? Recently a news article identified “mis-configured AV software” that put a patient at risk during heart surgery when the AV updated and rebooted a hemo monitor. A delay of five minutes took place during this critical event. Human error is what would have been recorded on the death certificate if that had indeed been the outcome. In this case nobody was hurt, but increased interdependence, vulnerability, and unchecked human errors of this nature are increasingly likely in an ever-connected IoT world.

Do you have strong governance over your security plan to prevent such a mishap? What is your patch and restart policy on workstations, servers, and other mission-critical networked assets? Are you vulnerable to embedded technologies that may put performance at risk? Are you auditing it and implementing controls to lower or minimize risk exposure? Good questions to ask before you reboot into a heart attack.